Can I Just Use Skype or FaceTime for HIPAA-compliant telemedicine?
Just about every internet-connected device comes with some sort of video conferencing solution, and it can seem easy to connect with patients using the programs that are readily available and free. After all, they’re probably already installed on the technology that you own, and accounts are simple to make. If your patient doesn’t mind, should you?
Skype and FaceTime, though great tools for connecting with family and friends, are not designed for medical use, are not a designated telemedicine platform and should not be used to treat patients. They are missing critical tools and security features, like HIPAA compliance, that are absolutely necessary to appropriately connect with patients via telemedicine, and they can cause major compliance issues for your practice in the long run.
Skype and Facetime Are NOT HIPAA Compliant
Most importantly, the common, free video conferencing solutions aren’t HIPAA-compliant. This means that any information transferred across the platform is not secure, and your patient’s information isn’t being protected.
Many insurance companies have minimum requirements that platforms must meet in order for providers to bill for telemedicine. HIPAA compliance is the number one concern, and the top of those lists. Insurers won’t reimburse for services provided on platforms that are not designed for telemedicine and that do not provide the requisite protections for their members’ data and medical information.
You Need A BAA
Aside from the security precautions and encryptions that are built into telemedicine systems, an organization that is designed for telemedicine will enter into an agreement with you called a Business Associate’s Agreement (BAA). This is integral to the HIPAA compliance. The BAA enumerates how data is stored, where it is stored and what the procedures that the entity, in this case the telemedicine company, follows to ensure that data is protected. A BAA is required by the Federal Government for one healthcare entity to share HIPAA-sensitive data with another healthcare entity.
The BAA is important because it shows that both entities comply with HIPAA, but it also provides remedies should the telemedicine solution you partner with have a breach or other HIPAA violation. It’s an important protection for both parties.
They Don’t Have Scheduling Tools
Consumer-grade video conferencing solutions don’t give you or the patient options to schedule appointments. Instead, one endpoint makes a “call” to another endpoint. It may be scheduled elsewhere or by hand, but there is no simple way to link the telemedicine appointment to any other software that tracks the appointment, the connection time or the patient information. With consumer-grade tools, it is much easier to accidentally log into a “session” that is meant for a specific person, and there are no other built-in methods to verify who you’re speaking to. With a telemedicine platform, the patient logs into a scheduled appointment that is tied to their patient account and protected with identifying information.
No Appointment Reminders
When you have a scheduler, the platform can also manage appointment reminders to help ensure that the patient presents for the appointment at the right time. A telemedicine platform automates these solutions so you don’t have to hire additional staff or a service to manage appointment reminders. So the next time you are required for dermatology telemedicine services, you will know.
The Details Are Important
There are big differences between tools that are designed for telemedicine and platforms that are meant for consumer use. Aside from major HIPAA violations, they lack the convenience and intuitiveness of solutions that are designed for medical use. HIPAA compliant technology, appointment scheduling, reminders and more are the minimum requirements for an effective telemedicine platform, and without them, providers leave themselves open for both inconvenience and major compliance violations.